<?php
class RbacCommand extends CConsoleCommand
{
	private $_authManager;
	
	public function getHelp()
	{
		return "<<<EOD
		USAGE
		rbac
		DESCRIPTION
		This command generates an initial RBAC authorization hierarchy.
		EOD";
	}
	
	/**
	* Execute the action.
	* @param array command line parameters specific for this command
	*/
	public function run($args)
	{
		//ensure that an authManager is defined as this is mandatory
		//for creating an auth heirarchy
		if(($this->_authManager=Yii::app()->authManager)===null)
		{
			echo "Error: an authorization manager, named 'authManager'
			must be configured to use this command.\n";
			
			echo "If you already added 'authManager' component in
			application configuration,\n";
			
			echo "please quit and re-enter the yiic shell.\n";
			
			return;
		}
		
		//provide the oportunity for the use to abort the request
		echo "This command will create three roles: Owner, Member, and
		Reader and the following premissions:\n";
		
		echo "create, read, update and delete user\n";
		
		echo "create, read, update and delete project\n";
		
		echo "create, read, update and delete issue\n";
		
		echo "Would you like to continue? [Yes|No] ";
		
		//check the input from the user and continue if they indicated yes to the above question
		
		if(!strncasecmp(trim(fgets(STDIN)),'y',1))
		{
			//first we need to remove all operations, roles, child relationship and assignments
			$this->_authManager->clearAll();
		
			//create the lowest level operations for users
			$this->_authManager->createOperation("createUser","create a new user");
			$this->_authManager->createOperation("readUser","read user profile information");
			$this->_authManager->createOperation("updateUser","update a users information");
			$this->_authManager->createOperation("deleteUser","remove a user from a project");
		
			//create the lowest level operations for projects
			$this->_authManager->createOperation("createProject","create a new project");
			$this->_authManager->createOperation("readProject","read project information");
			$this->_authManager->createOperation("updateProject","update project information");
			$this->_authManager->createOperation("deleteProject","delete a project");
			
			//create the lowest level operations for issues
			$this->_authManager->createOperation("createIssue","create a new issue");
			$this->_authManager->createOperation("readIssue","read issue information");
			$this->_authManager->createOperation("updateIssue","update issue information");
			$this->_authManager->createOperation("deleteIssue","delete an issue from a project");

			//create the reader role and add the appropriate permissions as children to this role
			$role=$this->_authManager->createRole("reader");
			$role->addChild("readUser");
			$role->addChild("readProject");
			$role->addChild("readIssue");
			
			//create the member role, and add the appropriate permissions, as well as the reader role itself, as children
			$role=$this->_authManager->createRole("member");
			$role->addChild("reader");
			$role->addChild("createIssue");
			$role->addChild("updateIssue");
			$role->addChild("deleteIssue");
			
			//create the owner role, and add the appropriate permissions, as well as both the reader and member roles as children
			$role=$this->_authManager->createRole("owner");
			$role->addChild("reader");
			$role->addChild("member");
			$role->addChild("createUser");
			$role->addChild("updateUser");
			$role->addChild("deleteUser");
			$role->addChild("createProject");
			$role->addChild("updateProject");
			$role->addChild("deleteProject");
			
			//provide a message indicating success
			echo "Authorization hierarchy successfully generated.";
			}
		}
	}
?>